Yes, the Mosquitto MQTT broker on Ubuntu supports SSL/TLS encryption.
To enable SSL/TLS encryption in Mosquitto on Ubuntu, follow these steps:
- Install Mosquitto and OpenSSL:
sudo apt-get update
sudo apt-get install mosquitto mosquitto-clients openssl
- Create a certificate directory and change into it:
mkdir certs
cd certs
- Generate the CA certificate:
openssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt
- Generate the server certificate and private key:
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365
- Generate the client certificate and private key:
openssl genrsa -out client.key 2048
openssl req -new -out client.csr -key client.key
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365
- Copy the certificates and the private key to the Mosquitto configuration directory:
sudo cp ca.crt server.crt server.key /etc/mosquitto/certs/
- Edit the Mosquitto configuration file (usually /etc/mosquitto/mosquitto.conf) and add the following to enable SSL/TLS encryption:
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate true
- Restart the Mosquitto service:
sudo systemctl restart mosquitto
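Your Mosquitto server now has SSL/TLS encryption enabled. Clients can connect to the server with the following commands:
mosquitto_pub -h <server_ip> -p 8883 -t "topic" -m "message" --cafile ca.crt --cert client.crt --key client.key
mosquitto_sub -h <server_ip> -p 8883 -t "topic" --cafile ca.crt --cert client.crt --key client.key
Be sure to replace <server_ip> with the IP address of your Mosquitto server.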
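
The certificate steps above, rehearsed as an added example that is not part of the original page: it builds the same CA, server and client files in a scratch directory, then checks that both certificates chain to ca.crt and that the server certificate is valid for the address clients pass to -h. Assumptions of this example: the subject names, the 192.0.2.10 documentation address, the req.cnf helper file, the subjectAltName and extendedKeyUsage extensions, and the function names.

```shell
#!/bin/sh
# Rehearse the page's CA/server/client steps in a scratch directory and verify
# the result. Subject names and the 192.0.2.10 address are constructed samples.
set -eu

# issue_cert DIR NAME CN EXT: key + CSR + CA-signed NAME.crt carrying extension EXT
issue_cert() {
  dir=$1 name=$2 cn=$3 ext=$4
  openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null
  openssl req -new -config "$dir/req.cnf" -subj "/CN=$cn" \
    -key "$dir/$name.key" -out "$dir/$name.csr"
  printf '%s\n' "$ext" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -out "$dir/$name.crt" -days 365 -extfile "$dir/$name.ext" 2>/dev/null
}

# build_pki DIR SAN: throwaway CA (unencrypted key, test use only), server, client
build_pki() {
  dir=$1 san=$2
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 -config "$dir/req.cnf" \
    -extensions v3_ca -subj "/CN=Example Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  issue_cert "$dir" server "${san#*:}" "subjectAltName = $san"
  issue_cert "$dir" client example-client "extendedKeyUsage = clientAuth"
}

# chain_ok DIR: 0 if both leaf certificates chain to ca.crt
chain_ok() { openssl verify -CAfile "$1/ca.crt" "$1/server.crt" "$1/client.crt" >/dev/null 2>&1; }

# name_ok DIR IP: 0 only if server.crt is valid for the address clients give to -h
name_ok() { openssl verify -CAfile "$1/ca.crt" -verify_ip "$2" "$1/server.crt" >/dev/null 2>&1; }

d=$(mktemp -d)
build_pki "$d" "IP:192.0.2.10"
chain_ok "$d" && name_ok "$d" 192.0.2.10 && echo "chain and address check passed in $d"
```

Running chain_ok and name_ok against the real files before restarting the broker catches a certificate signed by the wrong CA or issued for a different address while it is still cheap to reissue.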